{ "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2024-10-18T10:29:22Z", "creators": [ "Organization: Ambu A/S" ] }, "dataLicense": "CC0-1.0", "hasExtractedLicensingInfos": [ { "extractedText": "DicomConnect Commercial license given to Ambu by SoftGate", "licenseId": "LicenseRef-DCCommercial", "seeAlsos": [ "http://spdx.org/rdf/terms#none" ] }, { "extractedText": "QT license given to Ambu by QT Group", "licenseId": "LicenseRef-QTCommercial", "seeAlsos": [ "http://spdx.org/rdf/terms#none" ] } ], "name": "AMP2.4 eSBOM", "spdxVersion": "SPDX-2.3", "documentNamespace": "https://ambu.com", "packages": [ { "SPDXID": "SPDXRef-QT", "comment": "Not applicable. Open source with partly commercial license. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://spdx.org/rdf/terms#none", "filesAnalyzed": true, "licenseDeclared": "LicenseRef-QTCommercial", "name": "QT", "supplier": "Organization: QT Group", "versionInfo": "6.6.2" }, { "SPDXID": "SPDXRef-Boost", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://boostorg.jfrog.io/artifactory/main/release/1.78.0/source/boost_1_78_0.tar.bz2", "filesAnalyzed": true, "licenseDeclared": "BSL-1.0", "name": "Boost", "supplier": "Organization: Open Source", "versionInfo": "1.78.0" }, { "SPDXID": "SPDXRef-libyaml", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://pyyaml.org/download/libyaml/yaml-0.2.5.tar.gz", "filesAnalyzed": true, "licenseDeclared": "MIT", "name": "libyaml", "supplier": "Organization: Open Source", "versionInfo": "0.2.5" }, { "SPDXID": "SPDXRef-yaml-cpp", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/jbeder/yaml-cpp", "filesAnalyzed": true, "licenseDeclared": "MIT", "name": "yaml-cpp", "supplier": "Organization: Open Source", "versionInfo": "0.7.0" }, { "SPDXID": "SPDXRef-SQLite", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://www.sqlite.org/", "filesAnalyzed": true, "licenseDeclared": "blessing", "name": "SQLite", "supplier": "Organization: SQLite Consortium", "versionInfo": "3.38.5" }, { "SPDXID": "SPDXRef-GStreamer", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-1.20.7.tar.xz", "filesAnalyzed": true, "licenseDeclared": "LGPL-2.1-or-later", "name": "GStreamer", "supplier": "Organization: Open Source", "versionInfo": "1.20.7" }, { "SPDXID": "SPDXRef-Linux-kernel", "comment": "Ambu configured Linux kernel.", "downloadLocation": "http://spdx.org/rdf/terms#none", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-only", "name": "Linux kernel", "supplier": "Organization: Open Source", "validUntilDate": "2026-12-31T00:00:00Z", "versionInfo": "6.6.23" }, { "SPDXID": "SPDXRef-OpenSSL", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://www.openssl.org/source/openssl-3.0.12.tar.gz", "filesAnalyzed": true, "licenseDeclared": "Apache-2.0", "name": "OpenSSL", "supplier": "Organization: The OpenSSL Project", "versionInfo": "3.0.12" }, { "SPDXID": "SPDXRef-DCMTK", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://dicom.offis.de/download/dcmtk/dcmtk366/dcmtk-3.6.7.tar.gz", "filesAnalyzed": true, "licenseDeclared": "OFFIS", "name": "DCMTK", "supplier": "Organization: Offis", "versionInfo": "3.6.7" }, { "SPDXID": "SPDXRef-DICOMConnect", "comment": "Not given. Commercial IEC 62304 Class B software. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://spdx.org/rdf/terms#none", "filesAnalyzed": true, "licenseDeclared": "LicenseRef-DCCommercial", "name": "DICOMConnect", "supplier": "Organization: Soft-Gate", "versionInfo": "3.5.2" }, { "SPDXID": "SPDXRef-Barebox", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://www.barebox.org/download/barebox-2021.03.0.tar.bz2", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-only", "name": "Barebox", "supplier": "Organization: Pengutronix", "versionInfo": "2023.11.0" }, { "SPDXID": "SPDXRef-RAUC", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/rauc/rauc/releases/download/v${PV}/rauc-${PV}.tar.xz", "filesAnalyzed": true, "licenseDeclared": "LGPL-2.1-only", "name": "RAUC", "supplier": "Organization: Pengutronix", "versionInfo": "1.11.3" }, { "SPDXID": "SPDXRef-WPA-Supplicant", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://w1.fi/releases/wpa_supplicant-2.10.tar.gz", "filesAnalyzed": true, "licenseDeclared": "BSD-3-Clause", "name": "WPA Supplicant", "supplier": "Organization: Open Source", "versionInfo": "2.10" }, { "SPDXID": "SPDXRef-Squash-FS", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/plougher/squashfs-tools/archive/refs/tags/4.5.tar.gz", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-only", "name": "Squash FS", "supplier": "Organization: Open Source", "versionInfo": "4.5" }, { "SPDXID": "SPDXRef-Samba", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://samba.org/samba/ftp/stable/samba-4.14.14.tar.gz", "filesAnalyzed": true, "licenseDeclared": "GPL-3.0-or-later AND LGPL-3.0-or-later AND GPL-2.0-or-later", "name": "Samba", "supplier": "Organization: Open Source", "versionInfo": "4.14.14" }, { "SPDXID": "SPDXRef-Iptables", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://netfilter.org/projects/iptables/files/iptables-1.8.7.tar.bz2", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-or-later", "name": "Iptables", "supplier": "Organization: Open Source", "versionInfo": "1.8.7" }, { "SPDXID": "SPDXRef-exFAT", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/relan/exfat/releases/download/v1.3.0/exfat-utils-1.3.0.tar.gz", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-only", "name": "exFAT", "supplier": "Organization: Open Source", "versionInfo": "1.3.0" }, { "SPDXID": "SPDXRef-dhcpcd", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/NetworkConfiguration/dhcpcd/archive/refs/tags/v9.4.1.tar.gz", "filesAnalyzed": true, "licenseDeclared": "BSD-2-Clause", "name": "dhcpcd", "supplier": "Organization: Open Source", "versionInfo": "9.4.1" }, { "SPDXID": "SPDXRef-BlueZ", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "http://www.kernel.org/pub/linux/bluetooth/bluez-5.65.tar.xz", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-or-later AND LGPL-2.1-or-later", "name": "BlueZ", "supplier": "Organization: Open Source", "versionInfo": "5.65" }, { "SPDXID": "SPDXRef-BusyBox", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://busybox.net/downloads/busybox-1.35.0.tar.bz2", "filesAnalyzed": true, "licenseDeclared": "GPL-2.0-only", "name": "BusyBox", "supplier": "Organization: Open Source", "versionInfo": "1.35.0" }, { "SPDXID": "SPDXRef-CUPS", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz", "filesAnalyzed": true, "licenseDeclared": "Apache-2.0", "name": "CUPS", "supplier": "Organization: Open Source", "versionInfo": "2.4.2" }, { "SPDXID": "SPDXRef-OpenLDAP", "comment": "Not applicable. Open source without end of support. Part of cybersecurity vulnerability monitoring.", "downloadLocation": "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.5.16.tgz", "filesAnalyzed": true, "licenseDeclared": "OLDAP-2.8", "name": "OpenLDAP", "supplier": "Organization: Open Source", "versionInfo": "2.5.16" } ], "relationships": [ { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-QT", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Boost", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-libyaml", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-yaml-cpp", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-SQLite", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-GStreamer", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Linux-kernel", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-OpenSSL", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-DCMTK", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-DICOMConnect", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Barebox", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-RAUC", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-WPA-Supplicant", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Squash-FS", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Samba", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-Iptables", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-exFAT", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-dhcpcd", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-BlueZ", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-BusyBox", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-CUPS", "relationshipType": "DESCRIBES" }, { "spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-OpenLDAP", "relationshipType": "DESCRIBES" } ] }